Provides requirements for enrollment and identity proofing of applicants for access to resources at each Identity Assurance Level (IAL) and the responsibilities of Credential Service Providers (CSPs) with respect to establishing and maintaining enrollment records and binding authenticators. Also in this document is a figure (Figure 4-1 The Identity Proofing User Journey) that outlines the basic flow for identity proofing and enrollment.

Don't expire a password without reason such as forgotten, phishing, or a password database was stolen

These changes are in contrast to present password requirements in other standards such as PCI DSS 3.2. We expect feedback from those standards organizations in the coming months as relates to these changes.

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.